# krkn-21.cc — MALICIOUS

> krkn-21.cc hosts credential theft scams flagged by 10 of 95 VirusTotal engines. Domain created 01/10/2025. Check the full report.

## Summary
The website krkn-21.cc is an active credential theft scam posing a high risk to users attempting to log in or submit personal information. This domain is designed to trick individuals into entering sensitive data such as usernames, passwords, or financial credentials by impersonating legitimate services or brands. Users visiting this domain may unknowingly compromise their personal accounts and expose themselves to identity theft or financial fraud.

This domain was registered very recently on January 10, 2025, through NICENIC INTERNATIONAL GROUP CO., LIMITED, which is commonly used by malicious actors for quick deployment of fraudulent sites. VirusTotal analysis reveals that 10 out of 95 security vendors have flagged krkn-21.cc as malicious, confirming its involvement in a phishing scam. The domain resolves to the IP address 188.114.96.3 and uses a Google Trust Services SSL certificate, which may be an attempt to appear legitimate and trustworthy to unsuspecting visitors.

If you have visited krkn-21.cc, it is crucial to immediately cease any interaction with the site and avoid submitting any further information. Users should change passwords for any accounts that may have been compromised, enable multi-factor authentication where possible, and monitor financial statements for suspicious activity. Running a comprehensive antivirus and anti-malware scan on your device is also recommended. Always verify website URLs carefully and be cautious with unexpected login requests to avoid falling victim to such scams.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-01-10 17:16:46
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 10 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/b7aaf6f2-2148-4f62-bce4-b4310a8d0bc9
- PhishDestroy: https://phishdestroy.io/domain/krkn-21.cc/
- LLM endpoint: https://phishdestroy.io/domain/krkn-21.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/krkn-21.cc/
Last updated: 2026-03-29